Security Center

AEROHIVE SIRT

The Aerohive Security Incident Response Team (Aerohive SIRT) is responsible for researching, analyzing and responding to security incident reports related to Aerohive products. This team is the first point of contact for all security incident reports and works directly with Aerohive customers, security researchers, government organizations, consultants, industry security organizations, and other vendors to identify security issues with our products.

This team is also responsible for publishing security advisories and communicating with outside entities regarding mitigation steps for addressing particular security issues with Aerohive products. Aerohive respects and honors responsible disclosure practices. We do not have a bounty program, nor do we maintain a “wall of fame”

SECURITY BULLETINS

Aerohive Security Advisories are published for significant security issues that directly involve Aerohive products and require an upgrade, fix, or other customer action. In all security publications, Aerohive discloses the minimum amount of information required for an end-user to assess the impact of the reported vulnerability and any potential steps needed to protect their environment. Aerohive does not provide vulnerability details that could enable someone to craft an exploit. All security advisories here are displayed in chronological order, with the most recently updated advisory appearing at the top of the page.

HOW TO REPORT A SECURITY VULNERABILITY

The Aerohive SIRT has an email alias that makes it easy for customers and others to report potential security vulnerabilities.Once we acknowledge your email, we request five business days to reproduce the reported problem and prepare a response. We appreciate you waiting for our response prior to reporting the problem to others. Please report any potential or real instances of security vulnerabilities with any Aerohive Networks product to the Aerohive SIRT at security@aerohive.com. For immediate assistance, Aerohive TAC is available 24 hours a day by calling 1-866-365-9918 (North America) or +1-408-510-6100.

When you contact us please give as much information as possible. We encourage you to encrypt any sensitive information you send to us using our public key, visible below and available at various key servers.

Security Advisories

How do we respond to a notification?

All issues reported to the Security Incident Response Team will be investigated. Patches will be generated where necessary and a security advisory will be released. Unless you inform us otherwise, it is our usual practice to cooperate with other affected security vendors and organizations such as CERT/CC to share vulnerability information and patches. However, we will never forward the email that you send to us, and we will not pass on any information that could identify you, your company, your machines, or your configuration.

Please note: Aerohive does not provide an advance notification service. Security patches and advisories are freely available from our web site.

To report a security issue to Aerohive Networks, we encourage you to use the following PGP key for secure communication.